Amendments to the Claims; 

This listing of claims will replace all prior versions, and listings of claims in the 

application. 
Listing of Claims: 

1. (Original) A method comprising: 

receiving into an execution environment input component code and a runtime security 
policy; and 

generating a call graph of call paths through the input component code simulated in 
combination with at least one symbolic component representing additional arbitrary code that 
complies with the runtime security policy. 

2. (Original) The method of claim 1 wherein a possible execution path through 
the input component code that is compliant with the runtime security policy is represented by an 
individual call path. 

3. (Original) The method of claim 1 wherein at least one node in the call graph 
includes a symbolic permission set and a known method implementation. 

4. (Original) The method of claim 1 wherein at least one node in the call graph 
includes a symbolic permission set and a token representing an unknown method 
implementation. 

5. (Original) The method of claim 1 wherein the generating operation 
comprises: initializing a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime. 
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6. (Original) The method of claim 1 wherein the generating operation 
comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of an additional data value that may be passed as a 
parameter to the arbitrary code at runtime. 



7. (Original) The method of claim 1 wherein the generating operation 
comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of a new dataflow to the arbitrary code. 

8. (Original) The method of claim 1 wherein the generating operation 
comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of arbitrary code. 

9. (Original) The method of claim 1 wherein the generating operation 
comprises: 

identifying one or more methods of the input code component that can be called by the 
arbitrary code. 

10. (Original) The method of claim 1 wherein the generating operation 
comprises: 

identifying one or more methods of the input component code that can be called by the 

arbitrary code; and 

identifying one or more other methods of the input component code that can be called by 
the identified one or more methods of the input component code. 
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1 1 . (Original) The method of claim 1 wherein the generating operation 
comprises: 

identifying one or more methods of the input component code that can be called by the 

arbitrary code; and 

identifying at least one method of the arbitrary code that can be called by a virtual call of 
the identified one or more methods of the input component code. 

12. (Original) The method of claim 1 wherein any method reachable by execution 
in accordance with the runtime security policy is represented by one of more nodes in the call 
graph. 

13. (Original) The method of claim 1 wherein the generating operation 
comprises: 

generating at least one constraint associated with one or more instructions in the input 
component code. 

1 4. (Original) The method of claim 1 wherein the generating operation 
comprises: 

generating at least one constraint associated with a parameter of a method call in the 
input component code. 

15. (Original) The method of claim 1 wherein the generating operation 
comprises: 

generating at least one constraint associated with a returned result of a method call in the 
input component code. 

16. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a call path that presents a security vulnerability in the 
input component code. 
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17. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a call path that presents a security vulnerability in the 
input component code and a call path that presents no security vulnerability in the input 
component code. 

18. (Original) The method of claim 1 fiirther comprising: 
analyzing the call graph to generate a security report that identifies a security 

vulnerability in the input component code. 

19. (Original) The method of claim 1 further comprising: 
analyzing the call graph to identify a call path that satisfies a query. 

20. (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a security-vulnerable usage of a permission demand. 

21 . (Original) The method of claim 1 further comprising: 

analyzing the call graph to identify a security- vulnerable usage of a permission assertion. 

22. (Original) The method of claim 1 further comprising: 
analyzing the call graph to identify a lack of uniform usage of security checks. 

23. (Original) The method of claim 1 fiirther comprising: analyzing the call graph 
to identify an equivalence between use of a permission link-demand and a permission demand. 
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24. (Original) The method of claim 1 wherein the generating operation 
comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input component 
code; and 

evaluating the at least one constraint by a symbolic computation on potential target 
classes for the virtual call in the generated class hierarchy. 

25 . (Original) The method of claim 1 wherein the generating operation 

comprises: 

generating at least one constraint associated with either a security demand or a security 
assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic permissions 
of the input component code and on a parameter permission of the security demand or the 

security assert; and 

conditionally generating at least one additional constraint associated with one or more 
instructions located in the input component code after the security demand or assert, responsive 
to the evaluating operation. 

26. (Original) The method of claim 1, fiirther comprising 

analyzing the call graph to classify, based on permissions, pieces of code performing 
sensitive actions in the input component code. 

27. (Original) The method of claim 1, fiirther comprising 

analyzing the call graph and another call graph obtained for a different version of input 
component code to generate a security report that identifies a security vulnerability in the 
different version of the input component code. 
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28. (Original) The method of claim 1, further comprising 

analyzing the call graph and another call graph obtained for a different version of input 
component code to identify a call path that presents a security vulnerability in the different 

version of the input component code. 

29. (Previously presented) A computer program storage medium encoding a 
computer program for executing on a computer system a computer process, the computer process 
comprising: 

receiving into an execution environment input component code and a runtime security 

policy; and 

generating a call graph of call paths through the input component code simulated in 
combination with at least one symbolic component representing additional arbitrary code that 
complies with the runtime security policy. 

30. (Previously presented) The computer program storage medium of claim 29 
wherein a possible execution path through the input component code that is compliant with the 
runtime security policy is represented by an individual call path. 

3 1 . (Previously presented) The computer program storage medium of claim 29 
wherein at least one node in the call graph includes a symbolic permission set and a known 
method implementation. 

32. (Previously presented) The computer program storage medium of claim 29 
wherein at least one node in the call graph includes a symbolic permission set and a token 
representing an unknown method implementation. 

33 . (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

initializing a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime. 



7 



Attorney Docket No. MS30600 1 .0 1 



34. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of an additional data value that may be passed as a 
parameter to the arbitrary code at runtime. 

35 . (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

updating a symbolic value that represents data values that may be obtained by the 
arbitrary code at runtime based on detection of a new dataflow to the arbitrary code. 

36. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of arbitrary code. 

37. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

identifying one or more methods of the input component code that can be called by the 
arbitrary code. 

38. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

identifying one or more methods of the input component code that can be called by the 
arbitrary code; and 

identifying one or more other methods of the input component code that can be called by 
the identified one or more methods of the input component code. 
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39. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

identifying one or more methods of the input component code that can be called by the 

arbitrary code; and 

identifying at least one method of the arbitrary code that can be called by a virtual call of 
the identified one or more methods of the input component code. 

40. (Previously presented) The computer program storage medium of claim 29 
wherein any method reachable by execution in accordance with the runtime security policy is 
represented by one of more nodes in the call graph. 

4 1 . (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating at least one constraint associated with one or more instructions in the input 
component code. 

42. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating at least one constraint associated with a parameter of a method call in the 
input component code. 

43 . (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating at least one constraint associated with a returned result of a method call in the 
input component code. 

44. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify a call path that presents a security vulnerability in the 
input component code. 
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45 . (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify a call path that presents a security vulnerability in the 
input component code and a call path that presents no security vulnerability in the input 
component code. 

46. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to generate a security report that identifies a security 
vulnerability in the input component code. 

47. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify a call path that satisfies a query. 

48. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission demand. 

49. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process fiirther comprises: 

analyzing the call graph to identify a security- vulnerable usage of a permission assertion. 

50. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

51. (Previously presented) The computer program storage medium of claim 29 
wherein the computer process further comprises: 

analyzing the call graph to identify an equivalence between use of a permission link- 
demand and a permission demand. 
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52. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input component 
code; and 

evaluating the at least one constraint by a symbolic computation on potential target 
classes for the virtual call in the generated class hierarchy. 

53. (Previously presented) The computer program storage medium of claim 29 
wherein the generating operation comprises: 

generating at least one constraint associated with either a security demand or a security 
assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic permissions 
of the input component code and on a parameter permission of the security demand or the 
security assert; and 

conditionally generating at least one additional constraint associated with one or more 
instructions located in the input component code after the security demand or assert, responsive 
to the evaluating operation. 

54. (Previously presented) The computer program storage medium of claim 29 
further comprising 

analyzing the call graph to classify, based on permissions, pieces of code performing 
sensitive actions in the input component code. 

55 . (Previously presented) The computer program storage medium of claim 29 
further comprising 

analyzing the call graph and another call graph obtained for a different version of input 
component code to generate a security report that identifies a security vulnerability in the 
different version of the input component code. 
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56. (Previously presented) The computer program storage medium of claim 29 
further comprising 

analyzing the call graph and another call graph obtained for a different version of input 
component code to identify a call path that presents a security vulnerability in the different 
version of the input component code. 

57. (Currently Amended) A system comprising: 
a processing unit; 

a call graph generator executing on the processing unit that receives receiving into an 
execution environment input component code and a runtime security policy[[,]] and generates 
gonorating a call graph of call paths through the input component code simulated in combination 
with at least one sjnnbolic component that represents additional arbitrary code that complies with 
the runtime security policy. 

58. (Original) The system of claim 57 wherein a possible execution path through 
the input component code that is compliant with the runtime security policy is represented by an 
individual call path. 

59. (Currently Amended) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph to 
identify a security-vulnerable usage of a permission demand. 

60. (Currently Amended) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph to 
identify a security- vulnerable usage of a permission assertion. 

61 . (Currently Amended) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph to 
identify a lack of uniform usage of security checks. 
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62. (Currently Amended) The system of claim 57 further comprising: 

a call graph analyzer executing on the processing unit that analyzes the call graph to 
identify an equivalence between use of a permission link-demand and a permission demand. 

63. (Original) A method comprising: 

analyzing relative to at least one query a call graph of call paths through input component 
code simulated in combination with at least one symbohc component representing additional 
arbitrary code that complies with a runtime security policy; and 

identifying a subset of the call paths in the call graph that satisfy the query. 

64. (Original) The method of claim 63 wherein the analyzing operation 
comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission demand. 

65. (Original) The method of claim 63 wherein the analyzing operation 
comprises: 

analyzing the call graph to identify a security- vulnerable usage of a permission assertion. 

66. (Original) The method of claim 63 wherein the analyzing operation 
comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

67. (Original) The method of claim 63 wherein the analyzing operation 
comprises: 

analyzing the call graph to identify an equivalence between use of a permission link- 
demand and a permission demand. 
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68. (Previously presented) A computer program storage medium encoding a 
computer program for executing on a computer system a computer process, the computer process 
comprising: 

analyzing relative to at least one query a call graph of call paths through input component 
code simulated in combination with at least one symbolic component representing additional 
arbitrary code that complies with a runtime security policy; and identifying a subset of the call 
paths in the call graph that satisfy the query. 

69. (Previously presented) The computer program storage medium of claim 68 
wherein the computer process further comprises: 

analyzing the call graph to identify a security-vulnerable usage of a permission demand. 

70. (Previously presented) The computer program storage medium of claim 68 
wherein the computer process further comprises: 

analyzing the call graph to identify a security- vulnerable usage of a permission assertion. 

7 1 . (Previously presented) The computer program storage medium of claim 68 
wherein the computer process further comprises: 

analyzing the call graph to identify a lack of uniform usage of security checks. 

72. (Previously presented) The computer program storage medium of claim 68 
wherein the computer process further comprises: 

analyzing the call graph to identify an equivalence between use of a permission link- 
demand and a permission demand. 

73. (Original) A system comprising: 

a call graph analyzer analyzing relative to at least one query a call graph of call paths 
through input component code simulated in combination with at least one symbolic component 
representing additional arbitrary code that complies with a runtime security policy, and 
identifying a subset of the call paths in the call graph that satisfy the query. 
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74. (Original) The system of claim 73 wherein the call graph analyzer analyzes 
the call graph to identify a security- vulnerable usage of a permission demand. 

75. (Original) The system of claim 73 wherein the call graph analyzer analyzes 
the call graph to identify a security- vulnerable usage of a permission assertion. 

76. (Original) The system of claim 73 wherein the call graph analyzer analyzes 
the call graph to identify a lack of uniform usage of security checks. 

77. (Original) The system of claim 73 wherein the call graph analyzer analyzes 
the call graph to identify an equivalence between use of a permission link-demand and a 
permission demand. 
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